Page 156 - Washington Nationals 2023 Benefits Guide -10.26.22_Neat
P. 156

MLB League-Wide Insurance Program
                                                                     Plan and Summary Plan Description

                                                       APPENDIX B

                    HIPAA PRIVACY & SECURITY OF PROTECTED HEALTH INFORMATION

               A.      Purpose.  Appendix B permits the Plan to use Protected Health Information (“PHI”) to
               the extent of and in accordance with the uses and disclosures permitted by the Health Insurance
               Portability and Accountability Act of 1996 and the Health Information Technology for Economic
               and Clinical Health Act and the related regulations (collectively referred to in this Appendix B as
               “HIPAA”).  Specifically, the Plan will use and disclose PHI for purposes related to health care
               treatment, payment for health care, and health care operations as set forth below.

               B.      Use and Disclosure of PHI.

                       (1)    The Plan will use PHI to the extent of and in accordance with the uses and
                       disclosures permitted by HIPAA, including but not limited to health care treatment,
                       payment for health care, health care operations and as required by law.  The Privacy
                       Notice will list the specific uses and disclosure of PHI that will be made by the Plan.

                       (2)    Disclosure to the Employer.  The Plan will disclose PHI to the Employer, or
                       where applicable, an affiliated Employer only upon receipt of written certification from
                       the Employer that:

                              (a)    The Plan document has been amended to incorporate the provisions in this
                              Appendix B; and;

                              (b)    The Employer agrees to implement the provisions in Section C herein.

               C.      Conditions Imposed on Employer.  Notwithstanding any provision of the Plan to the
               contrary, the Employer agrees:

                       (1)    Not to use or disclose PHI other than as permitted or required by this Appendix B
                       or as required by law;

                       (2)    To ensure that any agents, including a subcontractor, to whom the Employer
                       provides PHI received from the Plan agree to the same restrictions and conditions that
                       apply to the Employer with respect to PHI received or created on behalf of the Plan and
                       ensure that such individuals agree to implement reasonable and appropriate security
                       measures to protect Electronic PHI;

                       (3)    Not use or disclose an individual’s PHI for employment-related purposes
                       (including hiring, firing, promotion, assignment or scheduling) unless authorized by the
                       Individual;

                       (4)    Not to use or disclose an Individual’s PHI in connection with any other non-
                       health benefit program or employee benefit plan of the Employer unless authorized by
                       the Individual;


                       (5)    To report to the Plan any use or disclosure of PHI, including Electronic PHI, that
                       is inconsistent with this Appendix B, if it becomes aware of an inconsistent use or


              DB1/ 116860387.5                                                                       Page 25
   151   152   153   154   155   156   157   158   159   160   161